From bdddaef9bb7f18f1c34f33dfbe03e810cbe02f91 Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Tue, 7 Jun 2022 10:34:59 +0200
Subject: [PATCH] test: ssl: Enable client authentication in handshake state
 tests

The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 tests/suites/test_suite_ssl.data     | 4 ++--
 tests/suites/test_suite_ssl.function | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 09908441c..08aaa1cab 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -238,11 +238,11 @@ move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1
 
 TLS 1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE_VERIFY
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0
+move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1
 
 TLS 1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE_VERIFY
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0
+move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1
 
 Handshake, tls1_2
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index f44569dcf..8d683adb4 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -967,6 +967,8 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
     if( group_list != NULL )
         mbedtls_ssl_conf_groups( &(ep->conf), group_list );
 
+    mbedtls_ssl_conf_authmode( &( ep->conf ), MBEDTLS_SSL_VERIFY_REQUIRED );
+
     ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) );
     TEST_ASSERT( ret == 0 );